Impossible to solve, but possible to mitigate.

Well, implementing "probabilistic solutions that, in theory, should work like 99% of the time, but 1% of the time your connection times out".

Yeah like in a network with multiple routers, 'how the hell can I make sure that when one router goes down, another is used as backup?'. Someone somewhere thought of making a virtual router, with each real router appearing as the one virtual one. When I learned about this, it sounded like a child came up with it. When a solution to a tech problem sounds so creatively simple as this, it's pretty jarring and funny.

I love that you work it out with white board markers on wide, endless printer paper :D Nothing has changed since the '90s at the very least.

because it was telling a problem without talking about a solution. Lame video this time.

​@@CottonInDerTube I think you missed the message ;p

@@CottonInDerTube literally the video title

@@CottonInDerTube the problem as stated seems simple but is provably impossible. The working solution is just a simple timeout as I state at the end of the video.

​@@richardclegg8027I do wish that it was elaborated a bit more why we'd need to have a timeout. I understand that it's impossible to have a proper goodbye, but I'd have liked to learn how software engineers could work around this with timeouts. Presumably, the person who's saying goodbye would just timeout the fin ack, but what about the person who is receiving the goodbye? If the initial fin is lost, they wouldn't send a fin ack and the person saying goodbye would just time it out, but what stops the person who failed to get the fin from just hanging in a read loop? I suppose I can maybe answer my own question with the concept of Keep-Alive requests and timeouts.

Same! Always love a two generals video.

I once had an study session type thing where these two techbros tried to explain they'd solved the general problem, and asked me if I had figured out how to *guarantee* that communication would succeed. I hadn't actually heard of the problem at the time, but I worked through the whole thing in a couple minutes and just said "I'm pretty sure communication cannot be guaranteed in every circumstance, or I've misunderstood the question, or I'm just missing the solution." They told me I was *wrong*, you just had to send a lot of messengers, that's how you guarantee the message will get through. I said "uh, that's a statistical sound approach, but it's not a guarantee. Your solution can get you as many nines as you want, but you can't guarantee it." and they said "sure you can, just send enough and it's guaranteed." I just stared at them for about 10 seconds, a bit shocked, then I thought for a moment, grabbed a three pieces of scratch paper, folded them up and tore them into 8 pieces each as I suggested the following: "let's do an experiment to model your solution. I'm going to be the internet route and all the gateways between your two subnets. You two need to sit at different tables facing away from each other. You (TB1) are going to play the client trying to close the TCP connection [handed him 8 scraps of paper]. Each FIN packet you send should contain a new nonce, and it's vital that you send each one with a different nonce, because I'm going to be a lossy network and lose most of your packets. Make sure you keep sending them until you get the FINACK, don't stop until you get that. Just put them on the corner of the desk, and each time I come over, I'll pick them up, throw a few out, and hand the rest to the other guy." I went over to tech bro 2, handed him the second pile of scraps, and said "you'll obviously send FINACK messages with the most recently received nonce. Once you get a FIN packet, just start writing FINACK with the highest nonce you've seen, okay?" Then I went back to TB1 and said "once you get the FINACK, you will start writing ACK on pieces of paper with the most recent nonce until you know TB2 has received them, okay? Don't look backward, you just have to send enough that you know he's gotten at least one, okay?" (To both) Now, remember, you keep sending your packets until you know for sure that everyone's on the same page, that's any ACK from . , keep in mind you can't stop sending FINACK until you get an ACK." So we started, I took like 7 FIN packets and threw them out before finding TB2 one. TB1 stopped at 8, which is fine. TB2 started sending FINACK, and I threw out 3 of them before I started giving them to TB1. TB1, of course, started writing ACK packets and putting them on the corner of his desk. I took the first 2 ACKs, threw them out, then I just left without a word. Took my backpack, turned off my phone, didn't answer their calls. They called me an asshole. I kept ----ng th-- -hy the- --ed to underst--- ho- packe- --ops can aff--t data tra--fe-.

Macromedia Director was probably the application I first used for animation! -Sean

dreamweaver and fireworks, name a more iconic duo

What was that website where you could play Flash games from the 2000s

@@der.Schtefan Do you have even the slightest idea how little that narrows it down?

3:56 for anyone wondering

Rhetorical questions always trip me up

You are right. The correct close sequence is FIN FIN/ACK ACK. How annoying. Slip of the pen and voice. Sorry, very hard to write and talk while improvising it all.

I got Sean to add some text about this in the description. Thanks for pointing it out (I hadn't actually seen the video myself when you commented). It's a bit of a *blush* moment because I teach this (correctly) every year but it's pretty hard for me to completely avoid this kind of a slip. [The sequence is easy to remember because it's basically the same as SYN SYN/ACK ACK.]

Isn't the close down aka as 4way teardown?

@@japanskakaratemuva5309 It can be either 3 or 4 packets, depending on how the non-initiating peer handles the close. Each side must send a FIN to close its side, so the non-initiating peer could delay closing, and even continue to send in a state known as "half-closed". But OTOH, it could, and often does, send a FIN in the same packet as the one that acknowledges the initiating peer's FIN, resulting in a 3-way close.

@@japanskakaratemuva5309yes. FIN. FIN-ACK. ACK. The FIN-ACK can be two packets but is often one.

Hahaha aww! 😂❤

That's nice, your son speaks UDP instead of TCP :)

@@michaeldamolsen love that! 😂❤️

UDP friend ?

@@Ediolot123 I laughed way too hard at this, thanks!

@@Ediolot123 Half the time, they only heard every second word of the conversation 😂

@@Ediolot123 This answer deserves way more credit!

I won't close a connection until you've acknowledged that I acknowledged that you acknowledged that I acknowledged that you acknowledged that I acknowledged that you acknowledged that I acknowledged that you acknowledged that I acknowledged that you acknowledged that I acknowledged that you acknowledged that I acknowledged that you...

@@IceMetalPunk ... acknowledged that I acknowledged that you acknowledged that I acknowledged that you acknowledged that I acknowledged that you acknowledged that I acknowledged that you acknowledged that I acknowledged that you acknowledged that I acknowledged that you acknowledged that I acknowledged that you...

The ack of the ack is that you stop sending the original packet

@@thewhitefalcon8539 But how do you know whether the other party actually stopped sending, or the packets just got lost in transit?

And then there's the case where someone just continues talking to be met with a "Huh? Stop. I'm not whoever you thought you were talking to." That's what RST is for.

SYN, FIN-ACK is a great song

LOL

The reason is that the makers put in effort to try and make the video both enjoyable, but also informative

Those attacks can be mitigated with syn cookies. SCTP solves it by using a 4-step handshake.

Can work. The better version is slow loris.

A particular kind of DOS attack, called a syn flood. Because these can be mitigated pretty easily, most DOS attacks these days are DDOS using botnets that act like legitimate traffic, just way way too much of it.

No. 10...

Computationally intensive cos both need to run and monitor timers

@@thekaxmax They already _do_ have timers, though. As long as the connection is open, there's always a need to wait for more packets and time it out if nothing is received for too long. (No need for pinging. Just sending or acknowledging data is enough to prove aliveness. But if no data is sent for a while, there are so-called keep-alive packets, which just repeat acknowledgment of the other side. It's like a response to a ping, but without the ping itself, because they aren't trying to measure their latency.) And even more, when sending a steady stream of data, the sender needs to regulate (with the receiver's help) the rate at which it sends, to avoid network congestion.

You need a low resource low packet transmission solution because a working machine may have tens of thousands of such connections. The actual solution used is just to wait a little bit so very similar (but to part of your suggestion).

You’d essentially end up with the same exact problem. Think about the SYN/FIN packets as ping requests and the ACK packets as ping replies. You just end up with the exact same issue. How do you know if the remote host has gone or if your replies are just getting lost/corrupted/dropped?

@@michaelcobb1024 Timeout time==assumed not there any more. Some systems will reattempt connection after a timeout to try and get rerouted around the issue.

You can get arbitrarily close with lots and lots of redundancy -- which for the attack problem you would definitely want to do -- for the close down problem it is not worth the time... just have the little hacky pause.

Connection timeouts are the final orderly finish

That is a fair point. One computer might just die. Honestly closing distributed protocols properly is the toughest thing. It is a shame though that the orderly shut down has no satisfying solution.

Were explained elsewhere

Bugs are not fixed. They're replaced by better bugs.

@@Llortnerof or, in the case of Microsoft starting to develop Windows NT, "These 82,000 bugs are not bugs, they're features" and took them out of the bug-fix process.

It's a well known problem, many people have talked about it.

The difficulty (as you later said) is the unreliable communication network. It closer to talking to my dad on the phone who is going deaf. You never know what he heard!

@@asagk so a timeout to DEAD has a default of 15 minutes I believe. If you don't use FIN at all just let the connection dangle then every connection hangs around your client and server 15 minutes at both ends if you just stop sending. Here a shorter timer is used at one end only 2xMSL which was originally 4 minutes but on a lot of systems 1 minute. It can be tuned shorter with few bad effects to your system if you are running a busy web server with a high churn of connections. If you look at a busy server though you will see a bunch of connections in TIME_WAIT. It is all about efficiency. If you could just probably close then your system does not need to maintain them and you can squeeze more connections out of it.

@@richardclegg8027 Well, what you describe is primarily a result of poor software design along with TCP usage. There is no reason to maintain connections beyond a request and its response if no further requests are planned. Keeping connections alive for several minutes while not in use is just a malicious use of TCP. So timeouts of less than 1 minute for idle connections are obviously the right way to solve this problem with bad TCP practices.

In the old days there were mountains of those everywhere. If you had just a little leftover at the end of that era, that lasts for a lifetime. Except it looks new. Probably many organizations kept using those old machines for decades, and needed a steady supply, so it's still manufactured somewhere.

Yes, 2-phase commit is vulnerable in the same way. 3-phase commit is the kludge.

Three phase commit is a little like the SYN SYN/ACK ACK open connection. After three phase we are sure both sides are alive. Two phase are not enough and we cannot be sure both sides are open.

@@richardclegg8027 thx

The symettry breaks because on start up both sides stay switched on listening for new packets. If there is an error and more packets are sent they will receive them. On close down the two machines want to stop listening for packets. If a machine closes the connection and there are still packets out there this can be a genuine problem. Closing a connection is an action that cannot be reversed once you do it just like the general committing to attack. If it was an error there will be a problem. On opening a connection there is no such irreversible action. Connection closing doesn't really use message "absence" except as (say) a signal to retransmit FIN if it did not get FIN ACK (symettrical with retransmit SYN if you don't get SYN ACK). If you look at the state diagram for TIME_WAIT it there is no state change depending on packet presence or absence.

I buy reams of it from paperstone office supplies -Sean

My guess is that how would first general know that they received 2 messages? First general sends a bunch and assume they got it, but if they were all intercepted the first general would be charging in alone. Or the second general receives it and sends a bunch back but they all get intercepted, so same problem as the original 2 generals problem.

@@ilikekitty10 simply send the entire state of the system. for each message show if it's OK or ?? for each of the generals. After some messages you have enough history to confirm that both you and the other party have received enough messages. Problem is that the payloads gets bigger and bigger.

@@Nope-w3c and you still just end up waiting around.... ...man that sounds familiar, doesn't it? 😆

You're getting closer to the real world (computing, not military) solution. The real-world approach (assuming you really must coordinate) is to keep sending messages back and forth on a regular schedule. Each contains some sort of in-order numbering, and a summary of both the senders state and what the sender knows about the receiver's state. And of course you repeat all messages until they are acknowledged. This all gives enough information for both parties to judge whether you have a reliable-enough connection, and almost always come to the same conclusion. If the connection is unreliable, those parties stop trying to co-ordinate (so in the example, they wouldn't attack). This approach works well enough even for more than 2 parties. The downside is it's a lot of network traffic, and can introduce human-scale latencies when communication is iffy, so it doesn't scale past a few parties.

@@blazearmoru you can't know how many have been received without a message to tell you how many have been received. That message may be lost. So if your protocol is "send 10 messages and attack if 4 are received" you end up in the same problem. The other general sends back "4 messages received" and sets off to attack but that message is lost so you don't attack. Take a look at the WP page for two general problem which lays out the proof in full.

That doesn't work, and it's explained in the video. If the second general sends the Ack but the first general doesn't receive it, how does the second general know not to attack? He'll attack in an hour, and the first general won't - because there's no guarantee the 'attack in another hour' message will get through. It can work if the messages aren't intercepted, but that's not the problem - the problem is whether there's a way to always make it work no matter how many messages don't get through.

an keep a resource locked for an hour😅

I think the point is deterministic finalisation is possible when things are peachy, but when things go pear shaped, either side may not play fruit ninja in time, depending on where the loss is/was.

The used solution is something like this. Send the FIN FIN/ACK ACK but just hang around a little in case there was a problem. It works but it is just inelegant and slightly wasteful.

It feels like there should be some solution doesn't it. Imagine green general sends "I am going to attack even if I don't hear from you again" but that message is lost. Now green general attacks but the purple general doesn't. If you want full proofs take a look at Wikipedia two generals problem

Well, let's say you send that message, but the other general isn't ready to attack so sends a "don't attack" message which is then intercepted. You then charge in alone.

​@@hughcaldwell1034exactly this. You change the problem but don't solve it. Now you have the "has the attack been called off" problem.

This is true but that is a worse solution. If a connection just *dies* (say the network connection ceased) and no FIN FIN-ACK ACK procedure is followed then the TCP connection at both ends hangs around for 15 minutes. That's a huge amount of time for a busy web server that wants to handle thousands of connections a second. You only have a limited number of connections available at once and you want to reuse them as soon as possible. So while what you say is true it's completely a worst case. If everyone connecting to a webserver did not send FIN and just shut their end of the connection that webserver would be much less efficient.

It is a bit of "sleight of hand" to call that a solution to the two generals problem. It solves a slightly different but related problem. His problem was (by analogy) to stop the generals attacking twice. The usually defined two generals problem is insoluble as stated (you can look up full proofs on Wikipedia). It is cool though that he does a nice video on a problem which is related.

Because you don't know if the lack of confirmation is because your message got intercepted (in which case attacking gets you killed) or because the response got intercepted (in which case not attacking gets your fellow general killed). As you make the protocol more complex you reduce the probability of one of the generals dying but the point is that it's impossible to reduce the probability to 0. Also (when it comes to the technical solution), there's no shared observations, just the messages, and there's no reliably synchronised clock which makes the whole thing harder however that's irrelevant to the purist 2 generals.

This would work but it is less efficient than the actual solution. The actual solution has one connection inefficiently waiting around consuming some resources. This solution would have both ends of the connection doing it. The point really is to avoid the inefficiency or having the connection hang about.

​@@richardclegg8027 It also presumes that all connections will be able to send and receive the important thing within 5 seconds, or some threshold. Some connections are choppier, or slower, or faster, than others.

@@ZT1ST the defined limit is MSL Maximum Segment Lifetime which is the longest time we consider a packet could plausibly be in the network. The close here waits twice that. It was originally defined as two minutes though some people set it more aggressively.

no ack at all..

It sounds like you're going with something similar to the "pragmatic approach" from the Wikipedia page on the problem. The important point there (which was unstated in your post) is that General A (that sends the attack message) is going to attack regardless. General B (sending the acknowledgement) will attack at the stated time(i.e. Dawn) if even one message arrives. General A retries until hearing an acknowledgement (or alternatively will just send a static number of messages... such would make the ack irrelevant). This doesn't solve the issue because if every "attack" message is lost then General B never hears the dawn attack time and so General A dies. As an aside, in the specific technical case we're talking about there isn't a dawn, we can't rely on clocks being synchronised and, even if we could, we can't rely on all sides having enough compute to be able to handle storing a timestamp for every connection that's shutting down. But that's all secondary to the detail of the original thought experiment.

@@dantenotavailable What about only having General A attack if an acknowledgement was received?

@@Anonymous-df8it Leaves you open to the chain of events where General B receives the attack message and sends the Ack but the Ack is intercepted. If your next thought is "ok they need to get X acknowledgements" then shift where the messages get lost to the last acknowledgement. If you think "ok A sends attack messages until they get any acknowledgement from B and attacks only if they get that acknowledgement" is vulnerable to all acknowledgements being lost. The key to the pragmatic approach is not that it solves the problem (there's no guarantees that both attacks go in) but the probability of failure is much less.

Say you want to reset. A tells B to reset. B sends ack back, but the ack gets lost. B got reset, and send ack. They did do the reset. A never got an ack, and thinks B never got the message. A is not reset, but B is.

If the generals both arrive with a standing agreement to attack because they were able to meet before hand and reliably agree that just works. The idea you might be able to cancel it gets into the reverse problem. One general sends cancel, the other does not receive it and attacks and gets killed.

still doesn't solve the problem if messages start going missing at the threshold between 'sort of sure' and 'reasonably sure', which may be different for both Generals and thus one General still may attack alone.

@@fiddley Yes you can, if you get an out of order packet, you know you've lost one along the way. And as long as the packet ordering is preserved, you can be reasonably sure that the packets before that have been delivered.

@@RealCadde It doesn't matter what scheme you introduce, there is *ALWAYS* some uncertainty as to whether both generals will attack. You can make the uncertainty very small, but never zero. This is *mathematically* proven so despite what your common sense is telling you, you're wrong. Go check out the WP article.

@@fiddley If you can be sure that you have gotten to this point in a conversation then you can be sure that everything prior to it has been sent and received. Refuting that is flat earther territory IMHO.

@@RealCadde Are you really comparing flat earth with a mathematical proof? Cool you do you. Have a nice day 😆

Well that's the crutch he mentioned at the end of the video, the sender has to wait a bit on the line to see if the receiver actually got the final message, before hanging up. So it's essentially the same issue and same solution.

The thing is a timeout at the end of the last message is already the actual solution. It is not a big deal it is just a little inelegant. In a busy system you often see a lot of them just hanging about waiting. Does not cause a lot of harm but just a bit annoying where the opening protocol is tighter.

@@jocamar15 I see what you're saying, but with onus of reliability on the sender, timing-out without knowing if the last message was received feels like it's not doing it's job properly, whereas if onus was on the receiver, then timeout feels more-correct, as it's up to the receiver to say "actually I didn't get that packet". So even though I accept this doesn't solve the theoretic issue (which is unsolvable), I do feel that is does render the issue slightly more moot. Original issue aside though, I do believe it would add the benefit of lowering the network congestion at the server-side slightly. I'm not sure if my original post explained why I believe this well enough, but I was conscious of how long the post was already.

@@richardclegg8027 even with the timeout, if onus was on the receiver under the model above, a final courtesy ACK to the final message could be sent. It would be sent purely as a fire-and-forget, but it would at least close a high percentage of connections rather than having them all wait on the timeout.

I imagine you still send a FIN just to be courteous - you just limit how many times you resend it without receiving a response before giving up and dropping the connection without a confirmed termination.

You send the FIN FIN/ACK ACK but hang around just a little in case there's a need to send the last one again.